The classic guide to cryptography and network security – now fully updated! “Alice and Bob are back!” Widely regarded as the most comprehensive yet comprehensible guide to network security and cryptography, the previous editions of Network Security received critical acclaim for lucid and witty explanations of the inner workings of cryptography and network security protocols. In this edition, the authors have significantly updated and revised the previous content, and added new topics that have become important. This book explains sophisticated concepts in a friendly and intuitive manner. For protocol standards, it explains the various constraints and committee decisions that led to the current designs. For cryptographic algorithms, it explains the intuition behind the designs, as well as the types of attacks the algorithms are designed to avoid. It explains implementation techniques that can cause vulnerabilities even if the cryptography itself is sound. Homework problems deepen your understanding of concepts and technologies, and an updated glossary demystifies the field's jargon. Network Security, Third Edition will appeal to a wide range of professionals, from those who design and evaluate security systems to system administrators and programmers who want a better understanding of this important field. It can also be used as a textbook at the graduate or advanced undergraduate level. Coverage includes Network security protocol and cryptography basics Design considerations and techniques for secret key and hash algorithms (AES, DES, SHA-1, SHA-2, SHA-3) First-generation public key algorithms (RSA, Diffie-Hellman, ECC) How quantum computers work, and why they threaten the first-generation public key algorithms Quantum-safe public key algorithms: how they are constructed, and optimizations to make them practical Multi-factor authentication of people Real-time communication (SSL/TLS, SSH, IPsec) New applications (electronic money, blockchains) New cryptographic techniques (homomorphic encryption, secure multiparty computation)

The National Institute of Standards and Technology Special Publication 800-63-1, “Electronic Authentication Guidelines” recommendation provides technical guidelines for Federal agencies implementing electronic authentication and is not intended to constrict the development or use of standards outside of this purpose. This publication supersedes NIST SP 800-63. The recommendation covers remote authentication of users (such as employees, contractors, or private individuals) interacting with government IT systems over open networks. It defines technical requirements for each of four levels of assurance in the areas of identity proofing, registration, tokens, management processes, authentication protocols and related assertions. ~

The National Institute of Standards and Technology is in the process of selecting public-key cryptographic algorithms through a public, competition-like process. The new public-key cryptography standards will specify additional digital signature, public-key encryption, and key-establishment algorithms to augment Federal Information Processing Standard (FIPS) 186-4, Digital Signature Standard (DSS), as well as NIST Special Publication (SP) 800-56A Revision 3, Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography, and SP 800-56B Revision 2, Recommendation for Pair-Wise Key Establishment Using Integer Factorization Cryptography. It is intended that these algorithms will be capable of protecting sensitive information well into the foreseeable future, including after the advent of quantum computers. The first round of the NIST Post-Quantum Cryptography Standardization Process began in December 2017 with 69 candidate algorithms that met both the minimum acceptance criteria and submission requirements. The first round lasted until January 2019, during which candidate algorithms were evaluated based on their security, performance, and other characteristics. NIST selected 26 algorithms to advance to the second round for more analysis. The second round continued until July 2020, after which seven 'finalist' and eight 'alternate' candidate algorithms were selected to move into the third round. This report describes the evaluation and selection process, based on public feedback and internal review, of the third-round candidates. The report summarizes each of the 15 third-round candidate algorithms and identifies those selected for standardization, as well as those that will continue to be evaluated in a fourth round of analysis. The public-key encryption and key-establishment algorithm that will be standardized is CRYSTALS-Kyber. The digital signatures that will be standardized are CRYSTALS-Dilithium, Falcon, and SPHINCS+. While there are multiple signature algorithms selected, NIST recommends CRYSTALS-Dilithium as the primary algorithm to be implemented. In addition, four of the alternate key-establishment candidate algorithms will advance to a fourth round of evaluation: BIKE, Classic McEliece, HQC, and SIKE. These candidates are still being considered for future standardization. NIST will also issue a new Call for Proposals for public-key digital signature algorithms to augment and diversify its signature portfolio.

The National Institute of Standards and Technology is in the process of selecting one or more public-key cryptographic algorithms through a public competition-like process. The new public-key cryptography standards will specify one or more additional digital signature, public-key encryption, and key-establishment algorithms to augment FIPS 186-4, Digital Signature Standard (DSS), as well as special publications SP 800-56A Revision 2, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, and SP 800-56B, Recommendation for Pair-Wise Key-Establishment Schemes Using Integer Factorization. It is intended that these algorithms will be capable of protecting sensitive information well into the foreseeable future, including after the advent of quantum computers. In November 2017, 82 candidate algorithms were submitted to NIST for consideration. Among these, 69 met both the minimum acceptance criteria and our submission requirements, and were accepted as First-Round Candidates on Dec. 20, 2017, marking the beginning of the First Round of the NIST Post-Quantum Cryptography Standardization Process. This report describes the evaluation criteria and selection process, based on public feedback and internal review of the first-round candidates, and summarizes the 26 candidate algorithms announced on January 30, 2019 for moving forward to the second round of the competition. The 17 Second-Round Candidate public-key encryption and key-establishment algorithms are BIKE, Classic McEliece, CRYSTALS-KYBER, FrodoKEM, HQC, LAC, LEDAcrypt (merger of LEDAkem/LEDApkc), NewHope, NTRU (merger of NTRUEncrypt/NTRU-HRSS-KEM), NTRU Prime, NTS-KEM, ROLLO (merger of LAKE/LOCKER/Ouroboros-R), Round5 (merger of Hila5/Round2), RQC, SABER, SIKE, and Three Bears. The 9 Second-Round Candidates for digital signatures are CRYSTALS-DILITHIUM, FALCON, GeMSS, LUOV, MQDSS, Picnic, qTESLA, Rainbow, and SPHINCS+.

This Recommendation specifies four types of SHA-3-derived functions: cSHAKE, KMAC, TupleHash, and ParallelHash, each defined for a 128- and 256-bit security strength. cSHAKE is a customizable variant of the SHAKE function, as defined in Federal Information Processing Standard (FIPS) 202. KMAC (for KECCAK Message Authentication Code) is a variable-length message authentication code algorithm based on KECCAK; it can also be used as a pseudorandom function. TupleHash is a variable-length hash function designed to hash tuples of input strings without trivial collisions. ParallelHash is a variable-length hash function that can hash very long messages in parallel.